CVE-2018-18441

Published Dec 20, 2018
Last updated 2 years ago
CVSS high 7.5
Overview

Description: D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-936l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7BA11A-3EA2-4B51-9F1D-CA490309B8F6",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-936l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "28203D6B-3BAD-4317-A43E-FB4F7DF6EB6C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F19A9B-F477-4288-A4B6-039769204C90",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-8000lh_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "800EE948-8756-46AD-9B05-7092A87216E0",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-8000lh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C39037E2-5703-46C7-AA44-7E8E8FE1DE62"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D6125BC-025C-4407-AC47-414821DB33B1",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-825l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E470C8A-9980-4EDD-B3D1-7B9C93714918",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-825l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "465C691A-5068-474F-9BCF-D3CD99388EE4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-2630l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEF7F10E-CF1D-4C38-B8C1-F987AFAF77EB",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-2630l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E09D0791-AAE2-4D42-A52D-D8755664BC4A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-820l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7A0520A-9E40-45B0-89FE-D0139D0EFFD9",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-820l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9D9AF38-6CC7-4651-97E7-7E26583021B8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-855l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E40374D0-6021-4AF0-946C-CDC556686768",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-855l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C3B756F-053B-43F1-B94E-F02E4B6CFB4C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-2121_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB9A5A20-FD4F-4837-A76B-873EF2C24D0D",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-2121:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC1DE485-2705-4394-BC93-0BE99FE02F12"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-5222lb1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68180870-7D72-44E2-AE93-DC7FD03E38C2",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-5222lb1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A5C226B9-0C16-46D2-B169-33D500BFF726"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75848042-1899-41AB-AF25-735F78F91BBA",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6866E6F-BBD2-4C46-8621-466147D0A1B2",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-8100lh_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD73EB3-82E4-4F47-B4CD-EE71714BC0F0",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-8100lh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92B26777-214B-47D8-82F9-FFFF200D2228"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214CB888-1F26-4DB2-B1E7-4CBCB9F71942",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-2102_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA2B7033-E82D-42C9-BB5F-F32F2E0E4926",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-2102:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78CD04CA-964A-4D74-B30E-7DC53E1858B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0D43CDA-07AF-41D6-A0DC-A1F550F87901",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A01A5E49-6B5E-4CC5-A4FA-A2E52F31C9BA",
            "versionStartIncluding": "1.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
